Observability series — A Systematic Way to Approach Logging

Eliot
Jul 3, 2022

I’d like to point out that while the patterns described can be adopted and extended to any workload, the examples and concepts in this post are Azure-centric.

This is a follow-up to the main planning blog post and a deep dive into the How and How Much elements of the planning exercise.

Why?

The capability to handle logging in a systematic way has to be in the mind of every IT department. It allows you to:

  • Understand how workloads behave during development, under stress/performance testing and in real life.
  • Gain insights into how your products and services are being consumed by your end customers. Do they have a good experience with some but not others?
  • Get warned about suspicious activities when logging is integrated with a security operations center.

What and How?

There are four key pillars of logging:

Collection

The ability to collect relevant logs. Azure provides out-of-box log collection via Diagnostic Settings for individual services.

Be careful when capturing app trace logs, as volume can have cost (storage) and performance implications for the services being monitored. Pick the right logging level based on your monitoring needs and application load.

Aggregation

To aggregate logs collected via Diagnostic Settings, you can send them to an Azure Log Analytics Workspace, which is an Azure store for logs. There you can search, query, visualise and create alert rules. You can also choose to stream logs via Event Hub to platforms like Splunk if that is your preferred platform, with existing expertise and capacity. This is again an out-of-box feature of Diagnostic Settings.

Visualisation

Once log data is in your chosen store, you can visualise it for easier consumption, possibly by a wider audience. In this blog, my focus is on Azure-native capabilities:

Azure Monitor Dashboard is positioned to build single-pane-of-glass views for targeted audiences.

“Log Analytics dashboards can visualise all of your saved log queries, giving you the ability to find, correlate, and share IT operational data in the organisation.”

KQL is a handy language that gives you similar flexibility in querying your logs as you would get from Splunk. You don’t need to be a master; even knowing the basics will get you very far on your journey of log analysis and visualisation.

Log query (KQL) visualisation in Log Analytics Workspace
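
An added example, not from the original post: a basic KQL query that breaks trace volume down by logging level, which is the cost concern raised under Collection, and renders it as a chart. The table `SampleTraces`, its columns and its rows are constructed for illustration; in a real workspace you would query your own application log table instead.

```kql
// Constructed sample rows standing in for application trace logs (not real data).
let SampleTraces = datatable(TimeGenerated: datetime, AppName: string, Level: string, MessageBytes: long)
[
    datetime(2022-07-01 09:00:05), "orders-api",  "Verbose",     420,
    datetime(2022-07-01 09:00:06), "orders-api",  "Verbose",     515,
    datetime(2022-07-01 09:00:09), "orders-api",  "Information", 180,
    datetime(2022-07-01 09:01:12), "orders-api",  "Error",       960,
    datetime(2022-07-01 09:02:30), "billing-api", "Verbose",     390,
    datetime(2022-07-01 09:02:31), "billing-api", "Information", 210,
    datetime(2022-07-01 09:03:44), "billing-api", "Warning",     305,
    datetime(2022-07-01 09:04:02), "billing-api", "Verbose",     450
];
// Total bytes across all rows, used to express each group as a share of volume.
let TotalBytesAll = toscalar(SampleTraces | summarize sum(MessageBytes));
SampleTraces
// Restrict to the window of interest (the constructed rows all fall on this day).
| where TimeGenerated between (datetime(2022-07-01) .. datetime(2022-07-02))
// Count events and sum payload size per application and logging level.
| summarize Events = count(), TotalBytes = sum(MessageBytes) by AppName, Level
// Show how much of the overall volume each level contributes.
| extend ShareOfBytesPct = round(100.0 * TotalBytes / TotalBytesAll, 1)
| order by TotalBytes desc
// Flatten to one label and one measure so the chart is unambiguous.
| project Source = strcat(AppName, " / ", Level), TotalBytes
| render barchart
```

Removing the last two lines returns the full table, including `Events` and `ShareOfBytesPct`, instead of a chart.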

Azure Workbooks are interactive, parameterised visualisations geared towards technical staff. You can leverage template workbooks for different Azure services as building blocks for the visualisation you desire.

Cleanup/Retention

You can start collecting and storing logs without considering cleanup and retention, but both need to be planned for financial and compliance reasons.

Azure has a new feature in preview (as of July 2022) which allows you to set a retention policy so that you stop paying storage costs for data you don’t need. If there are regulatory requirements to store some logs for a long period of time, you can set up an archiving policy to save cost.

I can dive into the details of individual pillars if you think there is value, and I hope this short post gives you an overview of how you can work with logging.
